Spiro and GDPR
Perhaps you’ve heard about the European Union’s General Data Protection Regulation also known as GDPR. Even if your company is based in the US or other non-EU countries, it could still apply to you, so Spiro has taken steps to make sure that we’re compliant, which means that your data is compliant while you’re using Spiro.
This law went into effect May of 2018.
The real high-level purpose of the GDPR is to allow individuals to control and manage how their personal information is stored, shared and used by companies that collect it. If successfully implemented, the hope is that:
- there will be fewer data breaches releasing personal information;
- if breaches do occur that people will be promptly notified; and
- consumers will be better protected from malicious marketing.
This article will try to explain in plain language how Spiro is complying with GDPR and why your data is protected and in compliance, no matter what country you live in.
Spiro as the “Data Processor”
EU regulations often have their own language to them, and in the case of GDPR, we need to introduce you to the concept of “Data Processor” and “Data Controller”.
This basically means you own the data and are responsible for it.
When you use Spiro to manage your customers, it means that you have engaged Spiro as a “Data Processor” to carry out certain processing activities on your behalf. For example, to show you a list of your contacts, or to make a call to a contact.
To be super clear, Spiro will only process your data based on your instructions as the data controller.
Lastly, it is important to understand that Spiro Technologies, Inc. is a Delaware (US) Corporation and is your contractual partner. Even though we’re based in the United States at 229 Berkeley St, 4th floor, Boston, MA 02116, if your data contains information about EU residents it’s important that you and Spiro both maintain GDPR compliance.
Where is Your Data Stored?
Spiro’s hosting services are based in the United States, so your data technically resides in the US.
For our European customers, please be assured that even though your data has been transferred out of Europe, it is still protected and GDPR compliant.
The GDPR has strict rules for moving data outside of Europe. This is only natural - otherwise, it would be impossible for the law to fulfill its purpose.
We want to assure you that your data is completely protected even after it leaves Europe. We do this by making sure that our third-party service providers have either certified under the EU-US Privacy Shield framework or signed the EU Commission’s standard contractual clauses for data transfers with us.
Hopefully, this helps you to better navigate the EU’s data protection requirements. If you have any questions with regard to the above, you’re welcome to reach out to us at firstname.lastname@example.org and we’ll do our best to explain things further.
Spiro as the “Data Controller”
Besides being a “Data Processor” who uses your data to provide you the Spiro application, we also collect data about our European customers and prospects in our web app, mobile apps, and website.
This information may include your address, email address, billing information, phone number and more. We use this information for our “legitimate interests” as defined in the GDPR. These interests include:
- Improving Spiro to help you close more deals;
- Making sure that your data and Spiro’s systems are safe and secure.
- Responsible marketing of our product and its features.
In addition, to be compliant with the GDPR we must provide data that we collect to Government agencies upon request, as specified by the laws of the countries that we operate. As of March 2018, we have never been asked by any governmental agency to provide data of any nature to them.
As the controller for your personal data, Spiro is committed to respecting all your rights under the GDPR. If you have any questions or feedback, please reach out to our Data Protection Officer by email at email@example.com.